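--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -144,7 +144,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
  * (some openssl versions reject DH that is 'too small', eg. 512).
  */
 #ifndef S_SPLINT_S
-DH *get_dh2048()
+static DH *get_dh2048(void)
 {
 	static unsigned char dh2048_p[]={
 		0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6,
@@ -173,14 +173,31 @@ DH *get_dh2048()
 	static unsigned char dh2048_g[]={
 		0x02,
 		};
-	DH *dh;
+	DH *dh = NULL;
+	BIGNUM *p = NULL, *g = NULL;
 
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
-	return(dh);
+	dh = DH_new();
+	p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+	g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+	if (!dh || !p || !g)
+		goto err;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	dh->p = p;
+	dh->g = g;
+#else
+	if (!DH_set0_pqg(dh, p, NULL, g))
+		goto err;
+#endif
+	return dh;
+err:
+	if (p)
+		BN_free(p);
+	if (g)
+		BN_free(g);
+	if (dh)
+		DH_free(dh);
+	return NULL;
 }
 #endif /* SPLINT */
 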
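Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000` guard in get_dh2048 picks the accessor API by version number alone, and the same guard is repeated in sldns/keyraw.c and validator/val_secalgo.c. LibreSSL reports 0x20000000 for that macro, so a LibreSSL build takes the `#else` branch; whether it then finds DH_set0_pqg, DSA_set0_pqg, RSA_set0_key and a three-argument CRYPTO_free depends on the LibreSSL release and should be checked. A configure-time test for the functions themselves would be more robust than the version comparison; as a stopgap the guard could read `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)`. Keeping the literal in one project-level macro would also stop the three files from drifting apart.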
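--- a/sldns/keyraw.c
+++ b/sldns/keyraw.c
@@ -215,6 +215,7 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		BN_free(Y);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 #ifndef S_SPLINT_S
 	dsa->p = P;
 	dsa->q = Q;
@@ -222,6 +223,25 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 	dsa->pub_key = Y;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!DSA_set0_pqg(dsa, P, Q, G)) {
+		/* QPG not yet attached, need to free */
+		BN_free(Q);
+		BN_free(P);
+		BN_free(G);
+
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+	if (!DSA_set0_key(dsa, Y, NULL)) {
+		/* QPG attached, cleaned up by DSA_fre() */
+		DSA_free(dsa);
+		BN_free(Y);
+		return NULL;
+	}
+#endif
+
 	return dsa;
 }
 
@@ -273,11 +293,21 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
 		BN_free(modulus);
 		return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 #ifndef S_SPLINT_S
 	rsa->n = modulus;
 	rsa->e = exponent;
 #endif /* splint */
 
+#else /* OPENSSL_VERSION_NUMBER */
+	if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
+		BN_free(exponent);
+		BN_free(modulus);
+		RSA_free(rsa);
+		return NULL;
+	}
+#endif
+
 	return rsa;
 }
 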
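Review bot: The two comments in the new DSA failure branches of sldns_key_buf2dsa_raw state the ownership rule that keeps these paths free of leaks and double frees, but both are misspelled (`QPG`, `DSA_fre()`), which makes them hard to find by search. I would write them as `/* P, Q, G not yet attached to dsa, free them here */` and `/* P, Q, G attached, released by DSA_free() */`. The RSA_set0_key failure branch in sldns_key_buf2rsa_raw relies on the same rule without saying so; a matching `/* modulus and exponent not attached on failure, free them here */` above its BN_free calls would make the two functions read alike. Both functions begin outside the shown hunks, so the earlier allocation and error paths were not reviewed.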
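--- a/validator/val_secalgo.c
+++ b/validator/val_secalgo.c
@@ -72,6 +72,17 @@
 #include <openssl/engine.h>
 #endif
 
+static inline void ossl_CRYPTO_free(unsigned char *ptr,
+				    const char *ATTR_UNUSED(file),
+				    int ATTR_UNUSED(line))
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	CRYPTO_free(ptr);
+#else
+	CRYPTO_free(ptr, file, line);
+#endif
+}
+
 /* return size of digest if supported, or 0 otherwise */
 size_t
 nsec3_hash_algo_size_supported(int id)
@@ -601,7 +612,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		log_err("EVP_MD_CTX_new: malloc failure");
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
 		return sec_status_unchecked;
 	}
 	if(EVP_VerifyInit(ctx, digest_type) == 0) {
@@ -609,7 +620,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
 		return sec_status_unchecked;
 	}
 	if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), 
@@ -618,7 +629,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		EVP_MD_CTX_destroy(ctx);
 		EVP_PKEY_free(evp_key);
 		if(dofree) free(sigblock);
-		else if(docrypto_free) CRYPTO_free(sigblock);
+		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
 		return sec_status_unchecked;
 	}
 
@@ -632,7 +643,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 	EVP_PKEY_free(evp_key);
 
 	if(dofree) free(sigblock);
-	else if(docrypto_free) CRYPTO_free(sigblock);
+	else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
 
 	if(res == 1) {
 		return sec_status_secure;
-- 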
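Review bot: The new ossl_CRYPTO_free wrapper marks `file` and `line` with ATTR_UNUSED although its `#else` branch passes both to CRYPTO_free, so the annotation is only true for the pre-1.1 build. OpenSSL's own `OPENSSL_free(ptr)` macro expands to the matching CRYPTO_free form on either side of the version split, so the four call sites in verify_canonrrset could read `else if(docrypto_free) OPENSSL_free(sigblock);` and the wrapper with its version guard could be dropped. verify_canonrrset starts and ends outside the shown hunks, so whether sigblock always comes from the OpenSSL allocator when docrypto_free is set cannot be confirmed from here.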
